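In the SEPolicy configuration of system apps, access to the 'ip' utility is possible due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation. The fix and signatures listed below target the kernel's SELinux code under security/selinux/ (for example nlmsgtab.c and ss/policydb.c), so the patch check applies to the kernel source tree.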
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "156570647428933217016600402426631358059", "285313821535164759433068119013800958846", "80978050283705474273395135024606546295", "223083789694049584572380751563206903614", "246899808374583590285470226485459707618", "137270986338123338179086184936831594829", "238900892584269911001796758699393205692" ] }, "id": "ASB-A-219808546-01867c8e", "source": "https://android.googlesource.com/kernel/common/+/9152b8d66c22c271e29ccfb381a121f1ec6eaeac", "deprecated": false, "signature_version": "v1", "target": { "file": "security/selinux/include/security.h" }, "signature_type": "Line" }, { "digest": { "length": 746.0, "function_hash": "247266689512410582365801576134697224102" }, "id": "ASB-A-219808546-126ce294", "source": "https://android.googlesource.com/kernel/common/+/9152b8d66c22c271e29ccfb381a121f1ec6eaeac", "deprecated": false, "signature_version": "v1", "target": { "file": "security/selinux/ss/services.c", "function": "security_load_policycaps" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "287409374634480683449800681789749982082", "98169911075611632610498037291431566988", "52252446319907660014479736438093843154", "82849443918328912265236355193313164438" ] }, "id": "ASB-A-219808546-3eddebb8", "source": "https://android.googlesource.com/kernel/common/+/9152b8d66c22c271e29ccfb381a121f1ec6eaeac", "deprecated": false, "signature_version": "v1", "target": { "file": "security/selinux/include/classmap.h" }, "signature_type": "Line" }, { "digest": { "length": 238.0, "function_hash": "4215951327755423430673342538712713966" }, "id": "ASB-A-219808546-526265a3", "source": "https://android.googlesource.com/kernel/common/+/9152b8d66c22c271e29ccfb381a121f1ec6eaeac", "deprecated": false, "signature_version": "v1", "target": { "file": "security/selinux/nlmsgtab.c", "function": "nlmsg_set_getlink_perm" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": 
[ "230753965376922977629566320427783515712", "115467347995511549052053145802408434014", "150807161387766984077631197921494320246", "239311808423449284444489006584098474201", "321639962416390510899904094417745371151", "77617415633580572504604586610578741262", "129892709900090553278233421836608472000" ] }, "id": "ASB-A-219808546-82af6a70", "source": "https://android.googlesource.com/kernel/common/+/9152b8d66c22c271e29ccfb381a121f1ec6eaeac", "deprecated": false, "signature_version": "v1", "target": { "file": "security/selinux/ss/policydb.h" }, "signature_type": "Line" }, { "digest": { "length": 7288.0, "function_hash": "130011141683470494455435041522725233325" }, "id": "ASB-A-219808546-9289caac", "source": "https://android.googlesource.com/kernel/common/+/9152b8d66c22c271e29ccfb381a121f1ec6eaeac", "deprecated": false, "signature_version": "v1", "target": { "file": "security/selinux/ss/policydb.c", "function": "policydb_read" }, "signature_type": "Function" }, { "digest": { "length": 153.0, "function_hash": "227686437916886864492044196997812815513" }, "id": "ASB-A-219808546-9aed472b", "source": "https://android.googlesource.com/kernel/common/+/9152b8d66c22c271e29ccfb381a121f1ec6eaeac", "deprecated": false, "signature_version": "v1", "target": { "file": "security/selinux/nlmsgtab.c", "function": "selinux_nlmsg_init" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "56911450083015637752009258244507519616", "19709044311113668180965774461854381054", "101725741426435884393778463198998024732", "14177592518355038749838878209866860572" ] }, "id": "ASB-A-219808546-cb6048d3", "source": "https://android.googlesource.com/kernel/common/+/9152b8d66c22c271e29ccfb381a121f1ec6eaeac", "deprecated": false, "signature_version": "v1", "target": { "file": "security/selinux/ss/services.c" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "246137975113633883516354165979540720276", "295065996821730629164403149247076659970", 
"119099446732225842491575534446004677601", "125093938621645381181556702666234687924", "192257790020209441551918772093390621948", "18761695330454909349177163539989226354", "62803555351083684243627380029013645112", "118043137274696721326934401984119029430", "38171051377285703415839875823499494000", "15595631715659756146613280728419399345", "22277047539510314019950747862424142201", "7622854038708717312349059584499896645", "63811326599358419348126270473568252854", "213809812405681135824237615158730115430", "95626890609427891368520388214834620931" ] }, "id": "ASB-A-219808546-db80a2eb", "source": "https://android.googlesource.com/kernel/common/+/9152b8d66c22c271e29ccfb381a121f1ec6eaeac", "deprecated": false, "signature_version": "v1", "target": { "file": "security/selinux/nlmsgtab.c" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "326944690340598961871039831391538854670", "324922315851607331794700950047091054930", "242084750836174201146771118535213522334" ] }, "id": "ASB-A-219808546-f1e2b940", "source": "https://android.googlesource.com/kernel/common/+/9152b8d66c22c271e29ccfb381a121f1ec6eaeac", "deprecated": false, "signature_version": "v1", "target": { "file": "security/selinux/ss/policydb.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/9152b8d66c22c271e29ccfb381a121f1ec6eaeac" ], "spl": "2022-09-05", "severity": "High", "types": [ "ID" ] }